Web defacement contest scheduled for Sunday

Lock down your Web servers'the first Defacers Challenge, complete with prizes for the hacker or hackers who can first deface 6,000 Web sites, is scheduled for this Sunday, July 6.

According to an announcement posted at www.defacers-challenge.com, the contest will be conducted over a six-hour period. The start time has not been set, but it probably will be in the morning.

'My hope is this being first of many defacers-challenge!' the site says.

The announcement is written in comically broken English, but security experts are taking the threat seriously. Internet Security Systems Inc. of Atlanta raised its threat level Wednesday to AlertCon 2'on a four-level scale'recommending increased vigilance.

'We've checked with a couple of sources, and we believe it is a valid concern,' said Peter Allor, manager of ISS' X-Force Threat Analysis Services.

Since late last week when the announcement appeared, ISS and other security firms have seen increased reconnaissance traffic, Allor said.

According to its posted rules, the challenge will be a freestyle contest with a goal of defacing 6,000 sites. The individual or team hitting this number first will win. If no contestant reaches that number, the one who reaches the highest number of defacements will win. Duplicate defacements within subdomains will not be counted, nor will defacements in free hosting domains such as geocities or angelfire.

Points also will be awarded based on the server's operating system. Windows OSes will receive one point, Linux and BSD OSes will be worth two points each, AIX will be worth three points, and HP-UX and Macintosh operating systems will be worth five points each. The higher points reflect the fact that there are fewer of these operating systems in Web servers and are less frequently targeted.

The winner apparently gets 500M of Webmail hosting. Judging will be based on defacements reported to and verified on the www.Zone-H.org Web site, which is not connected with the contest.

"Zone-H is the Internet thermometer and when the Internet has a fever, we just want to be there to measure it, nothing more," the web site's administrator said. "Personally I consider this challenge a silly thing."

There are indications that the hacking community is preparing for the contest, Allor said.

'Defacements are down,' he said. 'We believe they are down because they're holding back. There also is an increase in people checking banners and fingerprinting machines.'

Publicly available domain registration information for the defacers challenge site is not accurate, but there are indications of the source of the site.

'We believe that the text of the Web page was translated through a Web translation service,' explaining the bizarre wording and grammar, Allor said. 'The translation, we believe, is out of Portuguese.'

Allor recommended hardening servers by updating patches and turning off unneeded services, and keeping an eye on intrusion detection logs and traffic flows.